Just upgraded to Jabber for - Page 2

mmercaldiJenn · ‎09-14-2015

I am not experiencing this issue on windows computers internally or externally but on macs I am getting the following error message when Jabber is trying to add our webex site:

The meeting site certificate is not valid. Contact your system administrator for support.

I also tried for testing purposes adding cisco.webex.com and I still get that error message.

For external we are using the expressways and the version of Jabber I am using is 10.6.1

Has anyone had this issue on macs before and does anyone know what needs to be done to resolve?

Matt Haedo · ‎10-08-2015

Confirmed working in El Capitan RTM (OS X 10.11 15A284) and Jabber 11.1.0 (221135). Thanks!

Jakub Stroinski · ‎09-22-2015

Worked for me too. Thanks!

JOHN PARDUHN · ‎10-05-2015

This fix was spot-on, Jasmeet...thank you for helping me with a problem that's been vexing me for a few months now.

Jasmeet Sandhu · ‎10-23-2015

Hey Guys,

Final update on this: Jabber for Mac 11.1.1 has been released and that has the official support for EL Capitan. Additionally this issue has been resolved in this latest release.

The defect which was created to track this issue was : CSCuw12621 Meeting site certificate is not valid error which you can verify in the Release Notes here: Resolved Caveats in 11.1.1

You can download Jabber for Mac 11.1.1 here: Download Software

Thanks for your patience and time.

Have a good weekend :)

Best Regards,

Jas

pbugnard · ‎10-23-2015

Just upgraded to Jabber for Mac 11.1(1), and yes the problem is gone :-).

Thanks Cisco!

gpworld · ‎11-04-2015

fixed mine... thanks! perfect solution.

chouna789 · ‎05-06-2016

Hello Jasmeet,

your post did helped me in said issue. But i am trying to have mentioned certificate installed and check 10.6.1, issue still persists. with 11.1.1. I see no issue but, unfortunately due to compliance reason i cannot recommend users to move to 11.1.1.

Changing trust level to "Always Trust", it worked. El Capitan + Jabber 10.6.1 + Class 3 cert = success. :)

Thanks,

Narendra

nick.mueller · ‎10-09-2015

Has anyone opened with TAC to get a bug ID on this one? Curious how they classify it - Jabber bug? WebEx bug? Who knows.

I opened a case myself, if I get a bug ID, I'll post back. If more customers and partners open a case referencing the same bug ID it might get some attention at Cisco and they may do the right thing (tm) - change the certificates they present as part of the chain of trust on WebEx sites to use a 2048-bit root CA.

I believe this issue crept up because there are, from what I can tell, two versions of the VeriSign Class 3 Primary CA – G5 certificate (which is an intermediate in the chain at present). One version (the version they are not using) is a 2048-bit self-signed true root CA. But the other version (the version currently on the WebEx "edges" at depth 2) is an intermediate CA that is in turn signed by the "Verisign Class 3 Public Primary CA" 1024-bit root certificate which has been removed from El Capitan by Apple (I am surprised it was not removed from iOS 9 as well). It seems someone in the WebEx team must have made a configuration mistake and loaded the second (intermediate) version, rather than the first "true root" version, to the WebEx "edge" back when they migrated from DigiCert to Symantec circa January 2015. I don't know why they would chain off a 1024-bit root when they could chain off the 2048-bit root instead, but they did.

If you look at the description of the "VeriSign Class 3 Public Primary CA" on Symantec's site (http://www.symantec.com/page.jsp?id=roots) it even implies it should not be used after Q4 2010 (replaced by the 2048-bit root):

"Description: This root CA is the root used for Secure Site Pro Certificates , Premium SSL Certificates and Code Signing Certificates. It is intended to be the primary root used for these products until Q4 2010 when VeriSign transitions to using a 2048 bit root. After that transition this CA will be used as part of a cross certification to ensure legacy applications continue to trust VeriSign certificates and must continue to be included in root stores by vendors. This root is expected to be used in this way at least until 12/31/2013 and vendors should not plan on removing support for this root until officially advised that the root is no longer needed to support certificates or CRL validation."

Oh well...

pbugnard · ‎10-13-2015

Same issue on my side since I upgraded to OSX El Capitan. I never had such an issue on previous OSX versions.

Well, still nothing on the bug toolkit apparently. So, while Cisco and Apple evolve on their recently announced landmark partnership ... I'll also open a TAC SR by tomorrow in order to eventually have it fixed very soon.

Jasmeet Sandhu · ‎10-13-2015

Hey Guys,

I would like to point out that latest OSX 10.11.x is not yet officially supported by Jabber for Mac 11.x release: Software Requirements

Development is currently working on the next 11.x release which will have support for El Capitan and based on their testing, this issue should be resolved in the next upcoming release.

Once we have a tentative date, will update this thread, in the meantime, you have the temporary workaround.

Regards,

Jas

pbugnard · ‎10-13-2015

Good point ... my apologies then. I thought the latest 11.1 release of Jabber for Mac would be "de-facto evergreen" with regards to the actual OSX version.

Jabber for the mac cannot connect to webex